CVE-2015-2563 – Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities
Exploit Title: CVE-2015-2563 Vastal I-tech phpVID /groups.php Multiple Parameters SQL Injection Web Security Vulnerabilities
Product: phpVID
Vendor: Vastal I-tech
Vulnerable Versions: 1.2.3 0.9.9
Tested Version: 1.2.3 0.9.9
Advisory Publication: March 13, 2015
Latest Update: April 25, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]
CVE Reference: CVE-2015-2563
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Direction Details:
(1) Vendor & Product Description:
Vendor:
Vastal I-tech
Product & Vulnerable Versions:
phpVID
1.2.3
0.9.9
Vendor URL & Download:
phpVID can be approached from here,
http://www.vastal.com/phpvid-the-video-sharing-software.html#.VP7aQ4V5MxA
Product Introduction Overview:
“phpVID is a video sharing software or a video shating script and has all the features that are needed to run a successful video sharing website like youtube.com. The features include the following. phpVID is the best youtube clone available. The latest features include the parsing of the subtitles file and sharing videos via facebook. With phpVID Video Sharing is extremely easy."
“The quality of code and the latest web 2.0 technologies have helped our customers to achieve their goals with ease. Almost all customers who have purchased phpVID are running a successful video sharing website. The quality of code has helped in generating more then 3 million video views a month using a “single dedicated server". phpVID is the only software in market which was built in house and not just purchased from someone. We wrote the code we know the code and we support the code faster then anyone else. Have any questions/concerns please contact us at: info@vastal.com. See demo at: http://www.phpvid.com. If you would like to see admin panel demo please email us at: info@vastal.com."
“Server Requirements:
Preferred Server: Linux any Version
PHP 4.1.0 or above
MySQL 3.1.10 or above
GD Library 2.0.1 or above
Mod Rewrite and .htaccess enabled on server.
FFMPEG (If you wish to convert the videos to Adobe Flash)"
(2) Vulnerability Details:
phpVID web application has a computer security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Other bug hunter researchers have found some SQL Injection vulnerabilities related to it before, too. phpVID has patched some of them.
Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. phpVID has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services." Openwall has published suggestions, advisories, solutions details related to important vulnerabilities.
(2.1) The first code programming flaw occurs at “&order_by" “&cat" parameters in “groups.php?" page.
Related Links:
http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3-SQL-Injection.html
https://progressive-comp.com/?l=full-disclosure&m=142601071700617&w=2
http://seclists.org/fulldisclosure/2015/Mar/58
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1699
http://lists.openwall.net/full-disclosure/2015/03/10/8
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142601071700617&w=2
http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2563/
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551597501701&w=2
https://cxsecurity.com/issue/WLB-2015020091
https://www.facebook.com/permalink.php?story_fbid=935563809832135&id=874373602617823
http://t.qq.com/p/t/482410003538035
http://biboying.lofter.com/post/1cc9f4f5_6ee2aa5
http://mathpost.tumblr.com/post/118768553885/xingti-cve-2015-2563-vastal-i-tech-phpvid
http://essayjeans.lofter.com/post/1cc7459a_6ee4fcb
http://xingti.tumblr.com/post/118768481545/cve-2015-2563-vastal-i-tech-phpvid-1-2-3-sql
https://plus.google.com/113698571167401884560/posts/gftS84rfD3A
https://itswift.wordpress.com/2015/05/12/cve-2015-2563-vastal-i-tech-phpvid/
https://www.facebook.com/essayjeans/posts/827458144012006
https://tetraph.wordpress.com/2015/05/12/cve-2015-2563-vastal-i-tech-phpvid/
http://mathstopic.blogspot.com/2015/05/cve-2015-2563-vastal-i-tech-phpvid-123.html
http://yurusi.blogspot.sg/2015/05/cve-2015-2563-vastal-i-tech-phpvid-123.html
https://twitter.com/tetraphibious/status/598057025247907840
http://tetraph.blog.163.com/blog/static/23460305120154125453111/
CVE-2015-2243 Webshop hun v1.062S Directory Traversal Web Security Vulnerabilities
Exploit Title: CVE-2015-2243 Webshop hun v1.062S /index.php &mappa Parameter Directory Traversal Web Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: March 01, 2015
Latest Update: April 28, 2015
Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) [CWE-22]
CVE Reference: CVE-2015-2243
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Introduction Details:
(1) Vendor & Product Description:
Vendor:
Webshop hun
Product & Version:
Webshop hun
v1.062S
Vendor URL & Download:
Webshop hun can be required from here,
http://www.webshophun.hu/index
Product Introduction Overview:
Webshop hun is an online product sell web application system.
“If our webshop you want to distribute your products, but it is too expensive to find on the internet found solutions, select the Webshop Hun shop program and get web store for free and total maker banner must display at the bottom of the page 468×60 size. The download shop program, there is no product piece limit nor any quantitative restrictions, can be used immediately after installation video which we provide assistance.
“The Hun Shop store for a free for all. In our experience, the most dynamic web solutions ranging from our country. If the Webshop Hun own image does not suit you, you can also customize the look of some of the images and the corresponding text replacement, or an extra charge we can realize your ideas. The Webshop Hun pages search engine optimized. They made the Hun Shop web program to meet efficiency guidelines for the search engines. The pages are easy to read and contain no unnecessary HTML tags. Any web page is simply a few clicks away."
(2) Vulnerability Details:
Webshop hun web application has a computer security bug problem. It can be exploited by Directory Traversal – Local File Include (LFI) attacks. A local file inclusion (LFI) flaw is due to the script not properly sanitizing user input, specifically path traversal style attacks (e.g. ‘../../’) supplied to the parameters. With a specially crafted request, a remote attacker can include arbitrary files from the targeted host or from a remote host . This may allow disclosing file contents or executing files like PHP scripts. Such attacks are limited due to the script only calling files already on the target host.
Several similar products vulnerabilities have been found by some other bug hunter researchers before. Webshop hun has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to website vulnerabilities.
(2.1) The vulnerability occurs at “&mappa" parameter in “index.php?" page.
References:
http://securityrelated.blogspot.sg/2015/03/webshop-hun-v1062s-directory-traversal.html
http://packetstormsecurity.com/files/130653/Webshop-Hun-1.062S-Directory-Traversal.html
http://marc.info/?l=full-disclosure&m=142551569801614&w=4
http://lists.openwall.net/full-disclosure/2015/03/05/5
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01902.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1666
http://seclists.org/fulldisclosure/2015/Mar/26
http://lists.kde.org/?a=139222176300014&r=1&w=2
http://webcabinet.tumblr.com/post/118677916572/cve-2015-2243-webshop-hun-v1-062s-directory
http://www.covertredirect.com/tech/
https://plus.google.com/+essayjeans/posts/4yoeMytdEKx
http://whitehatpost.blog.163.com/blog/static/242232054201541122051794/
http://user.qzone.qq.com/2519094351/blog/1431325305
https://www.facebook.com/permalink.php?story_fbid=734394456671300&id=660347734075973
http://germancast.blogspot.de/2015/05/cve-2015-2243-webshop-hun-v1062s.html
CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities
Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities
Vendor: My Little Forum
Product: My Little Forum
Vulnerable Versions: 2.3.3 2.2 1.7
Tested Version: 2.3.3 2.2 1.7
Advisory Publication: February 04, 2015
Latest Update: February 11, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-1475
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)
Recommendation Details:
(1) Vendor & Product Description
Vendor:
My Little Forum
Product & Version:
My Little Forum
2.3.3
2.2
1.7
Vendor URL & Download:
Product Description:
“my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.
Features
Usenet like threaded tree structure of the messages
Different views of the threads possible (classical, table, folded)
Categories and tags
BB codes and smilies
Image upload
Avatars
RSS Feeds
Template engine (Smarty)
Different methods of spam protection (can be combined: graphical/mathematical CAPTCHA, wordfilter, IP filter, Akismet, Bad-Behavior)
Localization: language files, time zone and UTF-8 support (see current version for already available languages)”
My Little Forum web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several similar products vulnerabilities have been found by some other bug hunter researchers before. My Little Forum has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.
(2.1) The first programming code flaw occurs at “forum.php?" page with “&page", “&category" parameters.
(2.2) The second programming code flaw occurs at “board_entry.php?" page with “&page", “&order" parameters.
(2.3) The third programming code flaw occurs at “forum_entry.php" page with “&order", “&page" parameters.
References:
http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/02/my-little-forum-multiple-xss-security.html
http://seclists.org/fulldisclosure/2015/Feb/15
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01652.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1553
http://packetstormsecurity.com/files/authors/11270
http://marc.info/?a=139222176300014&r=1&w=4
http://lists.openwall.net/full-disclosure/2015/02/03/2
http://essaybeans.blogspot.com/2015/05/cve-2015-1475-my-little-forum-multiple.html
http://www.osvdb.org/creditees/12822-wang-jing
https://twitter.com/tetraphibious/status/597971919892185088
http://japanbroad.blogspot.jp/2015/05/cve-2015-1475-my-little-forum-multiple.html
https://www.facebook.com/tetraph/posts/1649600031926623
http://user.qzone.qq.com/2519094351/blog/1431403836
https://www.facebook.com/permalink.php?story_fbid=460795864075109&id=405943696226993
https://plus.google.com/+wangfeiblackcookie/posts/Sj63XDPhH1j
http://essayjeans.blog.163.com/blog/static/2371730742015412037547/#
http://whitehatpost.lofter.com/post/1cc773c8_6ed5839
http://whitehatview.tumblr.com/post/118754859716/cve-2015-1475-my-little-forum-multiple-xss-web
CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities
Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability
Vendor: OptimalSite
Product: OptimalSite Content Management System (CMS)
Vulnerable Versions: V.1 V2.4
Tested Version: V.1 V2.4
Advisory Publication: January 24, 2015
Latest Update: January 31, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9562
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Credit: Jing Wang [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)
Suggestion Details:
(1) Vendor & Product Description
Vendor:
OptimalSite
Product & Version:
OptimalSite Content Management System (CMS)
V.1
V2.4
Vendor URL & Download:
The product can be obtained from here,
http://www.optimalsite.com/en/
Product Description Overview:
“Content management system OptimalSite is an online software package that enables the management of information published on a website. OptimalSite consists of the system core and integrated modules, which allow expanding website possibilities and functionality. You may select a set of modules that suits your needs best.
Website page structure
Website page structure is presented in a tree structure similar to Windows Explorer, so that several page levels can be created for each item on the menu. The website’s structure itself can be easily edited: you can create new website pages, delete unnecessary ones, and temporarily disable individual pages.
Website languages
OptimalSite may be used to create a website in different languages, the number of which is not limited. Different information may be presented in each separate language and the structure of pages in each language may also differ.
WYSIWYG (What You See Is What You Get) text editor
Using this universal text editor makes posting and replacing information on the website effortless. Even a minimum knowledge of MS Word and MS Excel will make it easy to use the tools of WYSIWYG text editor and implement your ideas.
Search function in the system
By using search function system’s administrator is able to find any information that is published in administrative environment. It is possible to execute a search in the whole system and in separate its’ modules as well.
Recycle bin function
System administrator is able to delete useless data. All deleted data is stored in recycle bin, so administrator can restore information anytime. “
(2) Vulnerability Details:
OptimalSite web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several other the similar product 0-day vulnerabilities have been found by some other bug hunter researchers before. OptinalSite has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services." Openwall has published suggestions, advisories, solutions details related to XSS vulnerabilities.
(2.1) The code programming flaw occurs at “&image" parameter in “display_dialog.php" page.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9562
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01646.html
http://lists.openwall.net/full-disclosure/2015/02/02/3
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1546
http://japanbroad.blogspot.sg/2015/05/cve-2014-9562-optimalsite-content.html
http://tetraph.blog.163.com/blog/static/234603051201541082835108/
https://www.facebook.com/permalink.php?story_fbid=1025716320801705&id=922151957824809
https://twitter.com/yangziyou/status/597377123976785920
https://plus.google.com/110001022997295385049/posts/7rNn4ynjzRP
http://itsecurity.lofter.com/post/1cfbf9e7_6e96648
http://securitypost.tumblr.com/post/118602594462/cve-2014-9562-optimalsite-content-management
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: TennisConnect “TennisConnect COMPONENTS System" /index.cfm pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor: TennisConnect
Vulnerable Versions: 9.927
Tested Version: 9.927
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8490
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]
Advisory Details:
(1) Vendor URL:
http://www.tennisconnect.com/products.cfm#Components
Product Description:
TennisConnect COMPONENTS
* Contact Manager (online player database)
* Interactive Calendar including online enrollment
* League & Ladder Management through Tencap Tennis
* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)
* Multi-Administrator / security system with Page Groups
* Member Administration
* MobileBuilder
* Online Tennis Court Scheduler
* Player Matching (Find-a-Game)
* Web Site Builder (hosted web site and editing tools at www. your domain name .com)
(2) Vulnerability Details.
TennisConnect COMPONENTS System has a security problem. It is vulnerable to XSS attacks.
(2.1) The vulnerability occurs at “/index.cfm?" page, with “&pid" parameter.
References:
http://packetstormsecurity.com/files/129662/TennisConnect-9.927-Cross-Site-Scripting.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8490
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8490
http://www.osvdb.org/show/osvdb/116149
http://cve.scap.org.cn/CVE-2014-8490.html
http://en.hackdig.com/?11701.htm
http://seclists.org/fulldisclosure/2014/Dec/83
http://securitypost.tumblr.com/
http://computerobsess.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://whitehatpost.blog.163.com/blog/static/2422320542015110102316210/#
http://tetraph.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1352